[00:03.630 --> 00:10.370]  Yeah, no. I think we're gonna have to do it tomorrow. We'll do it tomorrow. I got to go.
[00:10.370 --> 00:18.310]  I got to go. I'm giving a presentation at DEF CON. The cool thing is I'm recording it now
[00:18.310 --> 00:23.230]  and it's going to be presented 20 years into the future in 2020. Isn't that cool?
[00:23.410 --> 00:26.190]  All right. All right. I'll talk to you tomorrow. All right. Bye.
[00:28.430 --> 00:36.150]  Yeah. Hi, everyone. It's good to be here. I'm coming to you from the past to talk about the
[00:36.150 --> 00:46.210]  90s and how pen testing really came from the hacker community and just wouldn't really be there
[00:46.800 --> 00:53.850]  if it wasn't for the hacker community. So I have some slides and I'm gonna share my screen here
[00:53.850 --> 01:02.430]  so we can we can see them. All right. Great. I hope everyone can see the slides.
[01:03.610 --> 01:12.770]  So, yeah. I'm happy to be here. My name is Chris Wysopal. Some people might know me as
[01:12.770 --> 01:21.670]  Weld Pond. And I'm gonna talk about how red teaming was born from the hacker community.
[01:24.210 --> 01:31.950]  Some of you may have seen this picture. This is a picture of the group of us from the L0pht,
[01:31.950 --> 01:40.330]  which was a hacker group that I'm part of. And we actually got these t-shirts made up
[01:40.330 --> 01:45.650]  to commemorate the event, Feds Love L0pht. But we testified at the Senate. It was a little
[01:45.650 --> 01:52.970]  controversial at the time. We were the first hackers to talk about computer security and try
[01:52.970 --> 01:59.870]  to help the U.S. government understand what was going on. I don't know if you can see our
[01:59.870 --> 02:05.610]  placards there in front of us, but they have our hacker names, not our real names,
[02:05.610 --> 02:09.550]  which I thought was pretty interesting. They let us testify with our hacker names because,
[02:09.550 --> 02:15.930]  of course, back in the 90s, it was kind of risky to be called out as a hacker with a hacker handle
[02:16.930 --> 02:22.230]  and posting about vulnerabilities and things like that. So we didn't want to risk our day jobs
[02:23.050 --> 02:29.990]  we were all, a lot of us were in IT. And, you know, if you said bad things about a big vendor,
[02:29.990 --> 02:38.070]  it might be bad for you and your job. Unfortunately, or fortunately, I'm not sure
[02:38.070 --> 02:46.110]  what, but, you know, our pictures were posted with our, it was posted in the newspapers the next day
[02:46.110 --> 02:52.550]  and people at work kind of knew what we looked like. So the jig was kind of up that we did this,
[02:53.170 --> 03:01.530]  that's me there. And here's a little different. I've made it a little bit shorter. But, you know,
[03:01.690 --> 03:08.510]  a lot of people say, you know, how did this happen? How did you get there? And it really was,
[03:09.250 --> 03:17.070]  you know, doing things the hacker way, you know, reverse engineering, exploring,
[03:18.270 --> 03:25.130]  looking at hosts and networks, but we did it on our own machines. And we did it in order to
[03:25.130 --> 03:32.390]  publicize the insecurity in software and hardware and took on a really kind of a consumer advocacy
[03:33.290 --> 03:42.270]  approach. And I think while making trouble for vendors, a lot of other people saw the benefit
[03:42.270 --> 03:51.310]  of what we were doing. And that's how we got invited to go speak at the Senate. And famously,
[03:51.310 --> 03:57.150]  Mudge, who's there next to me, said we can take down the internet in 30 minutes. And we were
[03:57.150 --> 04:06.470]  talking about BGP vulnerabilities, which are still a problem. BGP hijacking is still definitely an
[04:06.470 --> 04:13.470]  issue a few years later. But I want to go back to sort of the beginning of sort of computer
[04:13.470 --> 04:21.850]  security. And when I go back to the beginning of computer security, I think of, you know,
[04:21.850 --> 04:30.550]  the Orange Book. This was a book that talked about design and security features, authentication,
[04:31.090 --> 04:38.630]  encryption, auditing. It really talked about security features. And the book was kind of
[04:38.630 --> 04:43.670]  made famous in the hacker community because it made an appearance in the movie Hackers.
[04:44.170 --> 04:49.830]  But it really was the way that people thought about computer security, you know, in the early
[04:49.830 --> 04:56.910]  and even in the mid 90s. It was all about security features. There's nothing in here about bugs in
[04:56.910 --> 05:03.790]  code, right? And we all know that that blows a hole right through any security feature. So there
[05:03.790 --> 05:10.810]  was a huge part of building secure systems that was completely missing until hackers started
[05:11.630 --> 05:19.210]  exploring and probing things. The other big way people thought about computer security was CERT,
[05:19.210 --> 05:25.410]  which was formed after the Morris worm. And in the early 90s, CERT said, you know, we'll start
[05:25.410 --> 05:30.750]  taking a look at these vulnerabilities. You know, if someone finds a vulnerability, send it to CERT.
[05:30.750 --> 05:37.410]  We'll understand it. We'll look at it. We'll talk to the vendors and we'll try to get them to fix it.
[05:37.610 --> 05:42.730]  But one of the things we found at the L0pht is when we first started dealing with CERT, if we found
[05:42.730 --> 05:49.110]  vulnerabilities, that we would send it to CERT and it would just become a black hole. We didn't know
[05:49.110 --> 05:55.470]  if the vendor fixed it, if they fixed it in a silent fix. The general public didn't know about
[05:55.470 --> 06:01.590]  it. So there was no way for them to know that they should be patching. And there was sort of no
[06:01.590 --> 06:07.990]  consequences for vendors who wrote, you know, buggy, insecure code because the general public didn't
[06:07.990 --> 06:13.250]  know about it. It was just something between CERT and the vendor. And, you know, I think that was
[06:13.250 --> 06:19.970]  pretty broken until hackers basically, you know, did an end run around that whole model.
[06:21.130 --> 06:30.610]  In the early days, there were some hackers that tried to start companies. The earliest company
[06:30.610 --> 06:37.590]  that I know of is a company called ComSec Data Security. And here's actually the press release
[06:39.030 --> 06:45.650]  from 1991. So the contacts here are Scott Chasin and Chris Goggins, two of the founders
[06:46.390 --> 06:52.530]  of ComSec. And they're quite proud to say that they're comprised mainly of the now-defunct
[06:52.530 --> 07:00.090]  computer group, the Legion of Doom. And they plan to offer full-scale security package
[07:00.090 --> 07:07.010]  to private industry. I don't know if people remember Legion of Doom, but, you know, several
[07:07.010 --> 07:15.930]  members actually went to jail for CFAA violations. So, you know, maybe not the best group to be
[07:15.930 --> 07:21.890]  saying this is the basis of our company. But what they were saying also is they were
[07:21.890 --> 07:26.630]  bringing a fresh approach to the security consulting and the corporate marketplace.
[07:27.990 --> 07:34.950]  That they know how systems are compromised and what actions need to be taken to secure them.
[07:34.950 --> 07:41.530]  So this was actually a totally new thing. They were really kind of pioneering here, saying that
[07:41.530 --> 07:47.710]  they know how systems are compromised. And so that's the fresh approach. Isn't that amazing
[07:47.710 --> 07:55.350]  in 91 that that was brand new? And I have to applaud them for, you know, pioneering in the
[07:56.530 --> 08:02.510]  industry here. But in the press release, I thought this part was actually pretty interesting. They
[08:02.510 --> 08:07.770]  said that they were aware of the possible shock wave among the hacking underground over this
[08:07.770 --> 08:13.410]  venture. The firm maintains that they are security consultants and not informants or
[08:13.410 --> 08:18.590]  hacker trackers. We're not going to go after people. We are going to ensure that no one,
[08:18.590 --> 08:24.890]  hacker or corporate spy, can compromise the security of our clients' computers. So, you know,
[08:24.890 --> 08:31.950]  there was this idea that, like, if a hacker worked for a corporation, it was sort of narking, right?
[08:31.950 --> 08:38.970]  The only reason you're there is to, you know, tell them about the other hackers that were out
[08:38.970 --> 08:45.110]  there that you knew about from underground bulletin boards and mailing lists and bridges and things
[08:45.110 --> 08:49.810]  like that. And they were claiming that's not what they're doing. That's not what they're doing. But
[08:49.810 --> 08:56.190]  that was definitely a concern back then, this whole, you know, can the hacker community trust
[08:56.190 --> 09:00.770]  someone who goes into corporate world? So it really kind of went both ways.
[09:03.210 --> 09:14.510]  There was an interview afterwards by ISP News, and I thought this was actually kind of interesting.
[09:15.670 --> 09:20.750]  ISP News was saying, given where you're coming from, why should a potential client trust you?
[09:20.750 --> 09:26.050]  And the CG here is Chris Goggins, one of the founders. He says, I know it's a natural question,
[09:26.050 --> 09:33.330]  just the very nature of creating a company should project an image that we are trying to come out
[09:33.330 --> 09:37.590]  of the shadows, out of the underground. We're saying, look, everybody, we've been doing this
[09:37.590 --> 09:44.950]  for a long time. Now we want to help. And, you know, ISP News says, I'm sure you understand the
[09:44.950 --> 09:51.050]  natural suspicion that people have. And Goggins says, no, that's what I don't understand. If we
[09:51.050 --> 09:55.490]  at ComSec were out to compromise information from an existing company's computer network,
[09:55.490 --> 09:59.610]  we wouldn't have incorporated. We could have done that, and someone else could have
[09:59.610 --> 10:04.470]  already done so. Then the information would be available from one hacker to another.
[10:04.470 --> 10:11.090]  So he's really trying to say, hey, you know, we understand that people are going to be skeptical.
[10:12.570 --> 10:20.370]  But, you know, you can trust us. Unfortunately, ComSec didn't go very far. It was just too early.
[10:20.370 --> 10:26.750]  They couldn't get any customers. And, you know, some things had to happen between 91
[10:27.310 --> 10:33.410]  and the late 90s before people could start to trust hackers and hacker techniques
[10:34.550 --> 10:43.370]  to secure their systems. One of the big seminal papers, and something that was very seminal for me
[10:43.370 --> 10:50.090]  when I was starting out doing computer security, was this paper by Dan Farmer and Wietse Venema in
[10:50.090 --> 10:56.490]  93. So just a couple years after ComSec. And they wrote this paper, "Improving the Security of Your
[10:56.490 --> 11:02.590]  Site by Breaking Into It." And they published this as a paper. I'm not sure if it was published in
[11:02.590 --> 11:12.550]  USENIX security, but it was an academic paper that was in the form of something that a government
[11:12.550 --> 11:19.110]  security person or a corporate security person could kind of understand. It wasn't all shady,
[11:19.370 --> 11:26.550]  like Phrack Magazine, etc. And basically, it just talked about, you know, look at the way that
[11:26.550 --> 11:33.650]  attackers are breaking into networks, collect all of those things together, and try them on your own
[11:35.090 --> 11:42.950]  network. Weak passwords, probing open ports, try exploiting trust,
[11:42.950 --> 11:49.590]  exploit known bugs. Imagine that, exploiting known vulnerabilities to see if you have them.
[11:49.590 --> 11:55.870]  This was a new concept in 93. And then they talked about locking down networks based on
[11:55.870 --> 12:03.570]  understanding how hackers were and attackers were going after networks.
[12:04.770 --> 12:11.010]  And then, a little bit later, well, not in the first one with Crack, but a little later,
[12:11.010 --> 12:19.550]  these hacker tools started to show up. Really, the first hacker tool that was sort of, you know,
[12:19.550 --> 12:27.550]  well known and well available was Crack by Alec Muffett. Came out in 1991. And his whole idea was
[12:27.550 --> 12:35.450]  do a dictionary attack, or a brute force attack on Unix passwords. Seemed like a reasonable thing
[12:35.450 --> 12:44.450]  to do. If attackers were guessing passwords, why not guess them first? And just do it right on the
[12:44.450 --> 12:51.110]  password file, the encrypted passwords. Seems to make complete sense now. But back then, this was
[12:51.110 --> 12:59.530]  considered only an attack tool. Why would a legitimate person use this kind of tool?
[12:59.950 --> 13:07.310]  Randal Schwartz was an admin at Intel that was actually fired and was charged with a felony
[13:07.310 --> 13:15.770]  for using Crack on the systems that he administered purely to tell the users of his system that they
[13:15.770 --> 13:24.750]  should pick a stronger password. Thankfully, later, the felony was, charges were reversed
[13:25.650 --> 13:31.150]  after a few years, but not so good for Randal Schwartz's career in the beginning. And of course,
[13:31.150 --> 13:38.350]  we know now, with Have I Been Pwned and lots of different things,
[13:38.350 --> 13:43.690]  figuring out if people are reusing passwords or weak passwords is critical.
[13:44.730 --> 13:51.650]  SATAN was a tool created by Dan Farmer and Wietse Venema a few years after they wrote their paper,
[13:51.650 --> 13:59.490]  basically automating the techniques that they said. So let's try all those vulnerabilities.
[13:59.490 --> 14:04.790]  Let's target all those misconfigurations. Let's automate the process of finding these problems
[14:04.790 --> 14:11.850]  on your network. Guess what? Dan Farmer got fired from his job at SGI for releasing this tool. He
[14:11.850 --> 14:18.210]  actually got fired for writing a tool, which is now a multi-billion dollar industry from the likes
[14:18.210 --> 14:27.090]  of, you know, Rapid7 and Qualys and Tenable. Dan got fired for pioneering the idea of network
[14:27.090 --> 14:33.210]  scanning for vulnerabilities. A little bit of trivia there, that logo on the right
[14:34.230 --> 14:43.830]  is the logo of SATAN. And it was actually sketched by Neil Gaiman, the author of Sandman. So Dan was
[14:43.830 --> 14:50.250]  friends with him. And then the final tool I wanted to mention was Netcat by Hobbit, came out in 96,
[14:50.250 --> 14:54.370]  really as this network Swiss army knife. I'm sure everyone has used Netcat.
[14:55.630 --> 15:01.960]  Didn't do anything except set up connections and send data to those connections.
[15:02.170 --> 15:09.690]  I ported it to Windows and it actually turned out that that started getting flagged as something
[15:09.690 --> 15:16.830]  that was malicious code by antivirus. So if you actually wanted to use that to scan systems and
[15:16.830 --> 15:22.460]  test systems, you had to make sure that you didn't run afoul of antivirus. So there's a lot of
[15:23.560 --> 15:31.420]  misunderstandings in the early days. And hackers created the first real true information
[15:32.600 --> 15:39.440]  sources about bugs in software, vulnerabilities. Bugtraq, with its full disclosure policy,
[15:39.440 --> 15:45.280]  famously went around what CERT was trying to do. It was a place where people could publish
[15:45.280 --> 15:52.760]  information. If vendors weren't listening to you, you could just publish it publicly. And it
[15:52.760 --> 15:59.220]  was a place where like-minded security people could find that. Really radical in the beginning
[15:59.220 --> 16:07.420]  years. It was actually created in 1993 by Scott Chasin, someone who, one of the founders of ComSec.
[16:07.420 --> 16:14.040]  So I think we have a lot to thank Scott Chasin for, for pioneering and pushing the limits.
[16:14.600 --> 16:21.360]  He was also a, one of the early editors of Phrack, along with Chris Goggins, was one of the early
[16:21.360 --> 16:27.800]  editors of Phrack, which, you know, started in the late 80s and still goes today. Very popular in the
[16:27.800 --> 16:33.660]  mid 90s. Issues coming out on a monthly basis, all kinds of exploits and tools. And of course, we all
[16:33.660 --> 16:38.480]  know about DEF CON as a place where people can gather and give presentations. And that's, that's
[16:38.480 --> 16:44.880]  where we are here today. The first computer security presentations about sort of real security
[16:44.880 --> 16:53.600]  were created by hackers. And the other big change I think we saw with hackers entering the realm
[16:53.600 --> 17:02.220]  here of computer security was they made computer security a participatory sport. Capture the flags
[17:02.220 --> 17:08.960]  became a way to learn, learn by doing, learn by training with your adversaries, learn from your
[17:08.960 --> 17:18.280]  adversaries and make it fun. Right? Up until then, security was sort of set it and forget it. You
[17:18.280 --> 17:24.580]  know, maybe there was an audit by a, an audit and accounting firm to make sure you had, you know,
[17:24.580 --> 17:29.980]  passwords turned on and you had logging and all that. But it was very static. It was very set it
[17:29.980 --> 17:37.400]  and forget it and wait for the attackers to come. Where the hacking community really birthed this
[17:37.400 --> 17:44.120]  notion of the pen test and the red teaming and adversarial, the adverse, bringing in the adversarial
[17:44.120 --> 17:52.740]  nature for, for securing systems. And we know that that's made a huge, huge difference.
[17:54.740 --> 18:01.900]  So I was a member of the L0pht starting in 93. And, you know, four or five years later, we said, hey,
[18:01.900 --> 18:07.280]  you know, this is all fun. We're releasing things and that, but, you know, maybe this could be a
[18:07.280 --> 18:12.900]  business. Maybe we could actually do consulting. Maybe we could sell software. And actually in 97,
[18:12.900 --> 18:17.860]  we started selling L0phtCrack. And we thought about, you know, maybe this could be a full time
[18:17.860 --> 18:26.260]  gig. So let's try, let's try consulting. And we knew about ComSec back in 91. And they, we knew
[18:26.260 --> 18:32.480]  that, you know, the L0pht was a known hacker group and we used our hacker names, but you know, maybe,
[18:32.480 --> 18:39.260]  maybe, maybe times have changed. Maybe we could have a go at this. And so we tried our hands at
[18:39.260 --> 18:45.220]  consulting. And one of the ways we did this was we found a local consulting company in the Boston
[18:45.220 --> 18:53.700]  area. And we talked to them and we said, you know, maybe you should start a consulting business.
[18:53.880 --> 19:03.860]  And the L0pht could, you know, be your security consulting business unit. And so we started
[19:03.860 --> 19:11.520]  talking to them about coming on as employees. And we said, there's no better way for us to demonstrate
[19:11.520 --> 19:19.960]  what our capabilities are than to try to hack, try to hack your company, right? Let's do a full-on
[19:19.960 --> 19:30.700]  penetration test of your company. So we talked them into letting us do this. We did it pro bono,
[19:30.700 --> 19:39.620]  you know, because we were trying to explain to them the value we had. So we did that. And we
[19:39.620 --> 19:44.940]  were actually negotiating with them at the time, right? We were negotiating with them saying,
[19:44.940 --> 19:50.000]  you know, what would our salaries be? What would the business look like? You know,
[19:50.460 --> 19:57.940]  what would be the parameters around us coming to work at your company?
[19:58.900 --> 20:10.860]  And we just did, we did a no-holds-barred, full-spectrum, you know, voicemail, wireless,
[20:10.860 --> 20:17.840]  physical security, internet connection, you know, you name it, it was on the list.
[20:17.840 --> 20:27.040]  It was in scope. We actually didn't do any email social engineering or voicemail social
[20:27.040 --> 20:35.760]  engineering. But we did do things like physically penetrate in order to do things like, you know,
[20:35.760 --> 20:45.840]  see what was in the trash and things like that. So here's the cover page of our security audit.
[20:45.840 --> 20:50.680]  We went, we didn't go by the L0pht, we went by LHI Technologies. We took the L0pht Heavy
[20:50.680 --> 20:57.180]  Industries and made it LHI Technologies. And because we were doing some consulting,
[20:57.180 --> 21:01.660]  selling some software at the time, and that was a part of the L0pht history where we were
[21:01.660 --> 21:08.340]  actually sort of becoming a company. And we did this between August 20th and September 8th,
[21:08.980 --> 21:19.800]  1997. It was a completely black box test. And, you know, we use a combination of tools and
[21:21.280 --> 21:27.940]  network probing. I've blanked out the name of the company. It's been a few years, but
[21:28.500 --> 21:36.460]  just, you know, make sense to keep them confidential. Security in 1997 was a lot
[21:36.460 --> 21:44.340]  different than it is now. So just if I look, we look at the executive summary here,
[21:44.340 --> 21:50.420]  you can see that from the internet, we were pretty much able to totally own everything.
[21:50.420 --> 21:58.760]  All these critical corporate systems, Oracle databases, got corporate credit cards, voicemail,
[21:58.760 --> 22:05.720]  the network routers, the dial-up systems, personal email, their intranet site.
[22:06.760 --> 22:14.380]  So basically total ownage. And we did this without any kind of inside accomplices,
[22:14.380 --> 22:21.300]  no previous knowledge. Completely, completely black box. So, you know, I could do a whole
[22:21.300 --> 22:25.940]  presentation on the gory details of this, but I just wanted to highlight a couple things which
[22:25.940 --> 22:34.640]  I thought were interesting. Things you don't always see in a pen test. So one is, you know,
[22:34.640 --> 22:42.420]  one of the first ways we got in was through the web server. And if anyone had been doing
[22:42.420 --> 22:52.520]  hacking in 1996, you probably heard of the PHF vulnerability. It was a CGI bin that came
[22:52.520 --> 23:00.080]  pre-installed with Apache. And it had command injection, right? So you could just
[23:02.580 --> 23:11.160]  put a delimiter character in there and put your command. Pretty basic. But of course,
[23:11.160 --> 23:18.220]  you know, Apache should be running as its own user, right? It should be running as httpd,
[23:21.320 --> 23:26.000]  shouldn't allow you to compromise the system through this vulnerability, right? Maybe you
[23:26.000 --> 23:31.880]  could get... it's basically an information leakage if permissions are set correctly.
[23:31.880 --> 23:39.180]  But we were poking around and we actually saw that someone didn't set the permissions on
[23:40.460 --> 23:48.880]  httpd.conf file correctly. So the configuration file shouldn't be owned by the httpd process
[23:49.440 --> 23:54.940]  because, you know, then any code that executes from the web server could change the configuration
[23:54.940 --> 24:00.860]  and guess what part of the configuration of the server is? It's what user the server should run
[24:00.860 --> 24:09.940]  as. So we use this command injection to edit that file and change it so that the next time
[24:09.940 --> 24:17.120]  the server came up, the web server came up, it would be running as root. Nice little technique
[24:17.120 --> 24:22.560]  there. But then we did uptime on the system and we saw that the system had been running for over
[24:22.560 --> 24:31.900]  100 days. And, you know, we tried DDoSing it. But, you know, we basically had to wait for someone
[24:31.900 --> 24:36.840]  to reboot the server. And so we didn't think we were going to go... we weren't going to get in
[24:36.840 --> 24:42.020]  this way. We started probing some other systems and actually found some other vulnerabilities
[24:42.900 --> 24:50.300]  and were able to get in. But a few days later, I was listening to the news
[24:51.060 --> 25:00.860]  and I actually saw that there was a manhole explosion in Cambridge where this company was
[25:00.860 --> 25:09.860]  located. And unfortunately, an employee of the power company actually died in the manhole
[25:11.020 --> 25:19.380]  explosion. But it downed power in Cambridge for five hours. And after this happened,
[25:19.380 --> 25:27.440]  I started started probing, you know, the system and started looking at their web server. And it
[25:27.440 --> 25:32.800]  was up after an hour, it was up after a couple hours. So they obviously had backup. But after
[25:32.800 --> 25:40.940]  about three hours, the system went down and they didn't have enough backup for this five-hour power
[25:40.940 --> 25:47.380]  outage. And when the power came back up, it rebooted and we were now doing command execution
[25:47.380 --> 25:53.400]  as root. So I just thought that was a little bit... I had never come into a situation like that before
[25:53.400 --> 25:58.800]  in a pen test, but you just never know how things are going to go and what's going to go your way.
[26:00.020 --> 26:06.300]  The other thing I thought was pretty interesting was we, you know, looked at the voicemail,
[26:06.820 --> 26:13.520]  the voicemail systems. And you can see there on the left, the extension, we have the username in
[26:13.520 --> 26:19.400]  the middle. I've grayed out some of them. And then the password on the right. And you can see
[26:19.400 --> 26:25.020]  the new employee voicemail box gets a 1234 password. And you can see that some people never
[26:25.020 --> 26:34.040]  changed it, like IT and facilities service line was 1234. The travel line was 1234. Directions
[26:34.040 --> 26:39.440]  was 1234. But there's some other accounts on there where the extension and the password are the same,
[26:39.440 --> 26:46.380]  4069. And if you look down, there's 18629, where the extension was the same as the password.
[26:46.940 --> 26:54.740]  That actually happened to be the vice president that was negotiating with us at the time about
[26:54.740 --> 27:02.560]  joining the company. And we sort of listed out what we were expecting for salaries, benefits,
[27:02.560 --> 27:11.060]  how we wanted the jobs to work. And one of the things we really wanted was we wanted that
[27:11.840 --> 27:17.160]  step van, or I don't know if it was a bread truck or whatever, that was in Sneakers.
[27:17.160 --> 27:25.500]  We wanted a Sneakers van so that we could outfit it with electronic equipment to do wireless
[27:26.220 --> 27:33.680]  and surveillance and have the mobile hacking unit. It looked totally awesome. I think everyone
[27:33.680 --> 27:40.680]  who watched Sneakers loved that. We put in that we wanted that. And we heard on this voicemail,
[27:40.680 --> 27:45.620]  so we captured a couple of voicemails as evidence that we were able to get in the account.
[27:46.040 --> 27:53.760]  And one of the voicemails was talking about those L0pht guys. And he said,
[27:53.760 --> 28:00.300]  these guys want an effing Winnebago. And they were not happy with us. They thought we were
[28:00.300 --> 28:06.500]  asking for the world. Sort of just didn't understand what we were going for.
[28:07.040 --> 28:13.280]  So you don't always have a situation where you're negotiating with your potential future employer
[28:13.980 --> 28:19.080]  while you're doing a no-holds-barred pen test with your get-out-of-jail-free card, right?
[28:19.080 --> 28:27.460]  So, again, another bit of an interesting situation. But, you know, we didn't end up
[28:27.460 --> 28:33.640]  joining there. And a couple years later, the L0pht ended up joining a startup company
[28:33.640 --> 28:42.600]  called @stake, which just did information security consulting. And I'm sure some of you
[28:42.600 --> 28:50.660]  have heard of @stake. This was an article from January 2000, where, you know, the way the news
[28:50.660 --> 28:57.400]  looked at it was using good hackers to battle bad hackers. If you have a murky past and doubt you
[28:57.400 --> 29:05.700]  could become a dot-com millionaire, think again. And I thought, you know, what a change from
[29:05.700 --> 29:15.340]  the 1991 with ComSec, really not being thought of as credible. So a lot of things had to happen
[29:15.340 --> 29:25.300]  over the 90s for really us to join @stake and be perceived as a legitimate company. And
[29:25.960 --> 29:35.240]  so that's my story. That's my story from 2000. I hope that you enjoy this in 2020.
[29:36.540 --> 29:43.000]  And here's my contact information. There's this thing called Twitter is going to get invented,
[29:43.000 --> 29:49.020]  I think. And I'm going to found this company called Veracode in 2006. Just some of my future
[29:49.020 --> 29:54.640]  plans. So I hope you enjoyed it. I'm going to join on the Discord, which is another technology
[29:54.640 --> 30:04.600]  that's just going to be invented. And hopefully, we can chat. So bye-bye, everyone.
